qemu-devel

Re: [Qemu-devel] vNVRAM / blobstore design


From: Michael S. Tsirkin
Subject: Re: [Qemu-devel] vNVRAM / blobstore design
Date: Tue, 2 Apr 2013 16:37:25 +0300

On Tue, Apr 02, 2013 at 09:24:51AM -0400, Kenneth Goldman wrote:
> > > You are of course correct.  I advised an integrity value just to detect
> > > a hardware or software fault.  The check value would not protect against
> > > an attack.
> >
> > Fair enough, but why protect these bits specifically?
> > E.g. disk corruption seems more likely (since it's bigger). Add
> > integrity at that level? Why even stop at detection, let's do error
> > correction ...
> 
> Why ... just because it's a security device.  Whenever I code for security,

This is virtualization. Everything is for security here.

> I add layers of protection, constantly looking for "this should never happen"
> cases.

Confused. You said this checksum is for integrity not protection ...

> It might be just a small benefit, but hashing a few kbytes is a small part
> of TPM startup time, and the function is already there.

You are ignoring atomicity issues this can introduce in case of e.g.
host or qemu crash. Most likely, the result just will be data loss
in a situation which would be recoverable otherwise.
The reverse of what you were trying to achieve.

>  Think of it as part
> of the larger (and required) TPM self test that a TPM must do.

Required?

-- 
MST
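
The atomicity concern raised in the reply above, shown as an added example that is not part of the original message or of QEMU's code: an in-memory model of a blob whose payload and check value are written in two separate steps, with a crash between them. The `struct blob` layout, the function names, the sample strings and the use of FNV-1a as a stand-in hash are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOB_MAX 64

/* Hypothetical layout: payload plus a separately written check value. */
struct blob {
    uint32_t check;            /* integrity value over data[0..len) */
    uint32_t len;
    uint8_t  data[BLOB_MAX];
};

/* FNV-1a, a stand-in for whatever hash the device would use. */
static uint32_t fnv1a(const uint8_t *p, uint32_t n)
{
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* In-place update as two writes; steps < 2 models a crash after that many. */
static void blob_store(struct blob *d, const char *s, int steps)
{
    uint32_t n = (uint32_t)strlen(s);
    if (n > BLOB_MAX) n = BLOB_MAX;
    if (steps >= 1) { memcpy(d->data, s, n); d->len = n; }  /* write 1: payload */
    if (steps >= 2) d->check = fnv1a(d->data, d->len);       /* write 2: check */
}

/* Returns 0 if the blob is accepted, -1 if the check value rejects it. */
static int blob_load(const struct blob *d, int verify)
{
    if (verify && fnv1a(d->data, d->len) != d->check) return -1;
    return 0;
}

/* Store one state completely, then crash between the two writes of the next. */
static int load_after_torn_update(int verify)
{
    struct blob d = {0};
    blob_store(&d, "tpm-state-1", 2);   /* constructed sample payloads */
    blob_store(&d, "tpm-state-2", 1);
    return blob_load(&d, verify);
}

int main(void)
{
    printf("verify: %d, no verify: %d\n", load_after_torn_update(1), load_after_torn_update(0));
    return 0;
}
```

With verification the fully written new payload is rejected because the stale check value no longer matches; without it the same bytes load.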


